Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153947.roa
File:                     AS153947.roa (raw, json)
Hash identifier:          /zJvg8UkIXM4MpgcrWMWGDcLzHBz2w1PN6LrN8t7czg=
Subject key identifier:   7E:D6:9F:53:2B:E2:4E:55:7E:B2:03:3F:E9:D2:A1:60:C5:D0:41:58
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1CF2BA8635B0EF42EBF042852A7323C37CF1EF38
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153947.roa
Signing time:             Fri 15 May 2026 12:03:38 +0000
ROA not before:           Fri 15 May 2026 11:58:38 +0000
ROA not after:            Fri 14 May 2027 12:03:38 +0000
asID:                     153947
IP address blocks:        143.14.18.0/24 maxlen: 24
                          150.241.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:f2:ba:86:35:b0:ef:42:eb:f0:42:85:2a:73:23:c3:7c:f1:ef:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 15 11:58:38 2026 GMT
            Not After : May 14 12:03:38 2027 GMT
        Subject: CN=7ED69F532BE24E557EB2033FE9D2A160C5D04158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3a:2f:9a:eb:d1:46:53:cf:a2:e4:1d:3b:dc:
                    06:a8:1a:fe:a1:02:e1:98:41:a1:4a:a5:ca:0e:7e:
                    44:ed:62:c6:bf:54:82:e7:e6:fb:6a:4e:a7:4f:24:
                    45:f1:92:ca:2f:4f:54:5c:60:62:0e:42:8e:e0:10:
                    16:89:5d:77:a6:f6:03:c9:f1:8f:2e:ee:73:aa:a4:
                    a8:64:31:99:b4:fe:92:91:77:74:5b:bb:f6:3c:14:
                    51:fe:e2:0a:eb:05:40:0d:5a:ed:e3:56:5f:ed:dd:
                    86:94:16:e4:0a:a7:f0:4f:7d:89:dd:30:4f:70:fd:
                    de:e7:6e:8d:a7:f2:d0:97:ca:8b:95:98:8f:40:e4:
                    9f:39:a9:6f:6d:e2:f9:11:fb:b4:f1:2e:fb:5a:16:
                    3e:8a:47:53:72:81:9f:7a:ca:4e:19:e3:8e:f4:c2:
                    5d:c3:71:e2:d5:2b:c4:82:6b:e2:56:67:b8:09:3a:
                    95:1d:88:33:12:b8:40:cb:fd:f3:aa:f3:12:24:45:
                    86:10:18:a3:c5:e2:bd:61:58:9d:f1:e4:71:01:91:
                    a3:41:e9:0c:bc:46:41:93:a5:a4:19:5f:0a:7e:7f:
                    51:16:92:6f:f1:50:21:2c:a7:e2:8b:1b:35:53:2a:
                    b6:4f:9c:fc:00:51:51:df:6f:a6:3c:ad:45:d2:3d:
                    5e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D6:9F:53:2B:E2:4E:55:7E:B2:03:3F:E9:D2:A1:60:C5:D0:41:58
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153947.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.18.0/24
                  150.241.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:60:f0:c2:8b:33:90:ec:5c:47:41:ed:78:ac:ff:a5:a1:fb:
         c0:1e:79:a4:c0:ae:e2:a6:da:c3:22:70:11:f8:95:f1:36:66:
         12:11:9f:1f:4e:84:8e:57:01:ee:42:b5:36:78:0d:e4:c4:6e:
         c7:56:d0:df:7e:d9:c3:17:28:6a:6f:6d:b0:c1:f3:96:1e:36:
         d9:9b:49:6c:a4:48:d9:7a:bc:03:df:1b:ab:7d:1a:8c:6b:22:
         b2:d9:b4:8a:6c:10:ad:8d:f2:52:30:d0:fe:fe:11:fc:6f:d0:
         ef:26:e1:a5:e9:c9:cb:4e:50:e4:fe:99:2a:1f:62:3c:fd:75:
         f5:29:68:13:fa:40:7f:07:8f:c9:e3:a7:c8:10:dd:0d:ce:fc:
         4c:72:6f:37:51:13:aa:ea:33:6e:c9:30:c9:a6:8b:14:94:74:
         d7:87:44:56:75:86:03:d4:3f:af:e9:c2:d1:16:79:11:27:4f:
         f7:ec:ed:55:60:74:0c:81:4f:c3:e5:ad:8b:6f:ce:a6:f4:fd:
         96:3e:78:47:d4:54:d5:ec:37:29:e7:d8:fd:51:99:6a:32:44:
         6f:97:6e:8b:e4:08:9e:93:5d:ec:32:f7:fc:ba:d8:9d:29:cd:
         a4:c9:80:87:34:84:be:31:83:9e:7d:b8:02:76:56:e5:7d:57:
         0d:79:a3:fe
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUHPK6hjWw70Lr8EKFKnMjw3zx7zgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MTUxMTU4MzhaFw0yNzA1MTQxMjAzMzhaMDMxMTAvBgNV
BAMTKDdFRDY5RjUzMkJFMjRFNTU3RUIyMDMzRkU5RDJBMTYwQzVEMDQxNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOi+a69FGU8+i5B073AaoGv6h
AuGYQaFKpcoOfkTtYsa/VILn5vtqTqdPJEXxksovT1RcYGIOQo7gEBaJXXem9gPJ
8Y8u7nOqpKhkMZm0/pKRd3Rbu/Y8FFH+4grrBUANWu3jVl/t3YaUFuQKp/BPfYnd
ME9w/d7nbo2n8tCXyouVmI9A5J85qW9t4vkR+7TxLvtaFj6KR1NygZ96yk4Z4470
wl3DceLVK8SCa+JWZ7gJOpUdiDMSuEDL/fOq8xIkRYYQGKPF4r1hWJ3x5HEBkaNB
6Qy8RkGTpaQZXwp+f1EWkm/xUCEsp+KLGzVTKrZPnPwAUVHfb6Y8rUXSPV7TAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUftafUyviTlV+sgM/6dKhYMXQQVgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzOTQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw4S
AwQAlvGLMA0GCSqGSIb3DQEBCwUAA4IBAQBRYPDCizOQ7FxHQe14rP+lofvAHnmk
wK7iptrDInAR+JXxNmYSEZ8fToSOVwHuQrU2eA3kxG7HVtDfftnDFyhqb22wwfOW
HjbZm0lspEjZerwD3xurfRqMayKy2bSKbBCtjfJSMND+/hH8b9DvJuGl6cnLTlDk
/pkqH2I8/XX1KWgT+kB/B4/J46fIEN0NzvxMcm83UROq6jNuyTDJposUlHTXh0RW
dYYD1D+v6cLRFnkRJ0/37O1VYHQMgU/D5a2Lb86m9P2WPnhH1FTV7Dcp59j9UZlq
MkRvl26L5Aiek13sMvf8utidKc2kyYCHNIS+MYOefbgCdlblfVcNeaP+
-----END CERTIFICATE-----